A peek inside a managed spam service

Just how easy is it to become a spammer in 2012? Too easy to be true.

Especially in times when everything needed to become a spammer, starting for a managed spam appliance, DIY email harvesters, and millions of harvested emails, are available for sale within the cybercrime ecosystem. Despite the numerous botnet take downs we’ve seen in recent years, spam and phishing attacks continue plaguing millions of end and corporate users, potentially exposing them to malicious links, malicious payloads and fraudulent propositions.

In this post, I’ll profile a Russian managed spam service that’s been in operation for 5 years, allowing novice cybercriminals an easy entry into the world of spamming.

More details:

What’s particularly interesting about the service, is that it’s currently advertised at a dozen of cybercrime-friendly underground communities, in an attempt by its owners to increase the clients base. What’s so special about this service anyway? Is it vertically integrating within the marketplace by occupying leading positions in multiple market segments? Let’s take a closer look.

Screenshots of the service’s underground market proposition, and currently harvested email databases offered for sale:

How does the service differentiate itself from the rest of the propositions within the cybercrime ecosystem? By emphasizing on key core competencies such as managed QA (quality assurance) ensuring that the message about the get spammed will successfully bypass anti-spam filters. Next to this option, the service also offers the availability of graphic designers capable of producing custom layouts on request. Not surprisingly, thanks to the fact that the service is build around the concept of anonymity, a customer could easily request the design of spam templates impersonating Google, Facebook, USPS, LinkedIn, U.S Airways, or Verizon Wireless.

For customers who don’t have their own databases of harvested emails, the managed spam service will gladly offer them to take advantage of the already harvested databases of publicly obtainable emails.

Databases of harvested email addresses on a per country/industry/type of email basis is available at the following prices:

Among the key differentiation factors used by this vendor of managed spam service, is the ability to send spam on fax numbers, with an already obtained database consisting of 98,000 fax numbers. This and the recently exposed capability of managed MMS spam sending, indicate the vendor’s ongoing customerization of their business model.

[…] data from legitimate customers. Thanks to the overall availability of harvested email databases, managed spam services, and phishing site templates for the most popular brands in the financial sector, a novice […]